1010 description : ' Deploy to aws regions'
1111 required : true
1212 default : ' us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, af-south-1, ap-east-1, ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1, me-south-1, ap-southeast-5, ap-southeast-7, mx-central-1, ca-west-1, cn-north-1, cn-northwest-1'
13- push :
14- branches :
15- zhaez/patch-1
1613
1714env :
1815 # Legacy list of commercial regions to deploy to. New regions should NOT be added here, and instead should be added to the `aws_region` default input to the workflow.
@@ -60,145 +57,145 @@ jobs:
6057 with :
6158 name : layer.zip
6259 path : lambda-layer/src/build/aws-opentelemetry-python-layer.zip
63- # publish-prod:
64- # runs-on: ubuntu-latest
65- # needs: build-layer
66- # strategy:
67- # matrix:
68- # aws_region: ${{ fromJson(needs.build-layer.outputs.aws_regions_json) }}
69- # steps:
70- # - name: role arn
71- # env:
72- # LEGACY_COMMERCIAL_REGIONS: ${{ env.LEGACY_COMMERCIAL_REGIONS }}
73- # run: |
74- # LEGACY_COMMERCIAL_REGIONS_ARRAY=(${LEGACY_COMMERCIAL_REGIONS//,/ })
75- # FOUND=false
76- # for REGION in "${LEGACY_COMMERCIAL_REGIONS_ARRAY[@]}"; do
77- # if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then
78- # FOUND=true
79- # break
80- # fi
81- # done
82- # if [ "$FOUND" = true ]; then
83- # echo "Found ${{ matrix.aws_region }} in LEGACY_COMMERCIAL_REGIONS"
84- # SECRET_KEY="LAMBDA_LAYER_RELEASE"
85- # else
86- # echo "Not found ${{ matrix.aws_region }} in LEGACY_COMMERCIAL_REGIONS"
87- # SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE"
88- # fi
89- # SECRET_KEY=${SECRET_KEY//-/_}
90- # echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV
91- # - uses: aws-actions/[email protected] 92- # with:
93- # role-to-assume: ${{ secrets[env.SECRET_KEY] }}
94- # role-duration-seconds: 1200
95- # aws-region: ${{ matrix.aws_region }}
96- # - name: Get s3 bucket name for release
97- # run: |
98- # echo BUCKET_NAME=python-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV
99- # - name: download layer.zip
100- # uses: actions/download-artifact@v4
101- # with:
102- # name: layer.zip
103- # - name: publish
104- # run: |
105- # aws s3 mb s3://${{ env.BUCKET_NAME }}
106- # aws s3 cp aws-opentelemetry-python-layer.zip s3://${{ env.BUCKET_NAME }}
107- # layerARN=$(
108- # aws lambda publish-layer-version \
109- # --layer-name ${{ env.LAYER_NAME }} \
110- # --content S3Bucket=${{ env.BUCKET_NAME }},S3Key=aws-opentelemetry-python-layer.zip \
111- # --compatible-runtimes python3.10 python3.11 python3.12 python3.13 \
112- # --compatible-architectures "arm64" "x86_64" \
113- # --license-info "Apache-2.0" \
114- # --description "AWS Distro of OpenTelemetry Lambda Layer for Python Runtime" \
115- # --query 'LayerVersionArn' \
116- # --output text
117- # )
118- # echo $layerARN
119- # echo "LAYER_ARN=${layerARN}" >> $GITHUB_ENV
120- # mkdir ${{ env.LAYER_NAME }}
121- # echo $layerARN > ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}
122- # cat ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}
123- # - name: public layer
124- # run: |
125- # layerVersion=$(
126- # aws lambda list-layer-versions \
127- # --layer-name ${{ env.LAYER_NAME }} \
128- # --query 'max_by(LayerVersions, &Version).Version'
129- # )
130- # aws lambda add-layer-version-permission \
131- # --layer-name ${{ env.LAYER_NAME }} \
132- # --version-number $layerVersion \
133- # --principal "*" \
134- # --statement-id publish \
135- # --action lambda:GetLayerVersion
136- # - name: upload layer arn artifact
137- # if: ${{ success() }}
138- # uses: actions/upload-artifact@v4
139- # with:
140- # name: ${{ env.LAYER_NAME }}-${{ matrix.aws_region }}
141- # path: ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}
142- # - name: clean s3
143- # if: always()
144- # run: |
145- # aws s3 rb --force s3://${{ env.BUCKET_NAME }}
146- generate-release-note :
60+ publish-prod :
14761 runs-on : ubuntu-latest
14862 needs : build-layer
63+ strategy :
64+ matrix :
65+ aws_region : ${{ fromJson(needs.build-layer.outputs.aws_regions_json) }}
66+ steps :
67+ - name : role arn
68+ env :
69+ LEGACY_COMMERCIAL_REGIONS : ${{ env.LEGACY_COMMERCIAL_REGIONS }}
70+ run : |
71+ LEGACY_COMMERCIAL_REGIONS_ARRAY=(${LEGACY_COMMERCIAL_REGIONS//,/ })
72+ FOUND=false
73+ for REGION in "${LEGACY_COMMERCIAL_REGIONS_ARRAY[@]}"; do
74+ if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then
75+ FOUND=true
76+ break
77+ fi
78+ done
79+ if [ "$FOUND" = true ]; then
80+ echo "Found ${{ matrix.aws_region }} in LEGACY_COMMERCIAL_REGIONS"
81+ SECRET_KEY="LAMBDA_LAYER_RELEASE"
82+ else
83+ echo "Not found ${{ matrix.aws_region }} in LEGACY_COMMERCIAL_REGIONS"
84+ SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE"
85+ fi
86+ SECRET_KEY=${SECRET_KEY//-/_}
87+ echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV
88+ -
uses :
aws-actions/[email protected] 89+ with :
90+ role-to-assume : ${{ secrets[env.SECRET_KEY] }}
91+ role-duration-seconds : 1200
92+ aws-region : ${{ matrix.aws_region }}
93+ - name : Get s3 bucket name for release
94+ run : |
95+ echo BUCKET_NAME=python-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV
96+ name : download layer.zip
97+ uses : actions/download-artifact@v4
98+ with :
99+ name : layer.zip
100+ - name : publish
101+ run : |
102+ aws s3 mb s3://${{ env.BUCKET_NAME }}
103+ aws s3 cp aws-opentelemetry-python-layer.zip s3://${{ env.BUCKET_NAME }}
104+ layerARN=$(
105+ aws lambda publish-layer-version \
106+ --layer-name ${{ env.LAYER_NAME }} \
107+ --content S3Bucket=${{ env.BUCKET_NAME }},S3Key=aws-opentelemetry-python-layer.zip \
108+ --compatible-runtimes python3.10 python3.11 python3.12 python3.13 \
109+ --compatible-architectures "arm64" "x86_64" \
110+ --license-info "Apache-2.0" \
111+ --description "AWS Distro of OpenTelemetry Lambda Layer for Python Runtime" \
112+ --query 'LayerVersionArn' \
113+ --output text
114+ )
115+ echo $layerARN
116+ echo "LAYER_ARN=${layerARN}" >> $GITHUB_ENV
117+ mkdir ${{ env.LAYER_NAME }}
118+ echo $layerARN > ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}
119+ cat ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}
120+ name : public layer
121+ run : |
122+ layerVersion=$(
123+ aws lambda list-layer-versions \
124+ --layer-name ${{ env.LAYER_NAME }} \
125+ --query 'max_by(LayerVersions, &Version).Version'
126+ )
127+ aws lambda add-layer-version-permission \
128+ --layer-name ${{ env.LAYER_NAME }} \
129+ --version-number $layerVersion \
130+ --principal "*" \
131+ --statement-id publish \
132+ --action lambda:GetLayerVersion
133+ name : upload layer arn artifact
134+ if : ${{ success() }}
135+ uses : actions/upload-artifact@v4
136+ with :
137+ name : ${{ env.LAYER_NAME }}-${{ matrix.aws_region }}
138+ path : ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}
139+ - name : clean s3
140+ if : always()
141+ run : |
142+ aws s3 rb --force s3://${{ env.BUCKET_NAME }}
143+ generate-release-note :
144+ runs-on : ubuntu-latest
145+ needs : publish-prod
149146 steps :
150147 - name : Checkout Repo @ SHA - ${{ github.sha }}
151148 uses : actions/checkout@v4
152149 - uses : hashicorp/setup-terraform@v2
153- # - name: download layerARNs
154- # uses: actions/download-artifact@v4
155- # with:
156- # pattern: ${{ env.LAYER_NAME }}-*
157- # path: ${{ env.LAYER_NAME }}
158- # merge-multiple: true
159- # - name: show layerARNs
160- # run: |
161- # for file in ${{ env.LAYER_NAME }}/*
162- # do
163- # echo $file
164- # cat $file
165- # done
166- # - name: generate layer-note
167- # working-directory: ${{ env.LAYER_NAME }}
168- # run: |
169- # echo "| Region | Layer ARN |" >> ../layer-note
170- # echo "| ---- | ---- |" >> ../layer-note
171- # for file in *
172- # do
173- # read arn < $file
174- # echo "| " $file " | " $arn " |" >> ../layer-note
175- # done
176- # cat ../layer-note
177- # - name: generate tf layer
178- # working-directory: ${{ env.LAYER_NAME }}
179- # run: |
180- # echo "locals {" >> ../layer_arns.tf
181- # echo " sdk_layer_arns = {" >> ../layer_arns.tf
182- # for file in *
183- # do
184- # read arn < $file
185- # echo " \""$file"\" = \""$arn"\"" >> ../layer_arns.tf
186- # done
187- # cd ..
188- # echo " }" >> layer_arns.tf
189- # echo "}" >> layer_arns.tf
190- # terraform fmt layer_arns.tf
191- # cat layer_arns.tf
192- # - name: generate layer ARN constants for CDK
193- # working-directory: ${{ env.LAYER_NAME }}
194- # run: |
195- # echo "{" > ../layer_cdk
196- # for file in *; do
197- # read arn < "$file"
198- # echo " \"$file\": \"$arn\"," >> ../layer_cdk
199- # done
200- # echo "}" >> ../layer_cdk
201- # cat ../layer_cdk
150+ - name : download layerARNs
151+ uses : actions/download-artifact@v4
152+ with :
153+ pattern : ${{ env.LAYER_NAME }}-*
154+ path : ${{ env.LAYER_NAME }}
155+ merge-multiple : true
156+ - name : show layerARNs
157+ run : |
158+ for file in ${{ env.LAYER_NAME }}/*
159+ do
160+ echo $file
161+ cat $file
162+ done
163+ name : generate layer-note
164+ working-directory : ${{ env.LAYER_NAME }}
165+ run : |
166+ echo "| Region | Layer ARN |" >> ../layer-note
167+ echo "| ---- | ---- |" >> ../layer-note
168+ for file in *
169+ do
170+ read arn < $file
171+ echo "| " $file " | " $arn " |" >> ../layer-note
172+ done
173+ cat ../layer-note
174+ name : generate tf layer
175+ working-directory : ${{ env.LAYER_NAME }}
176+ run : |
177+ echo "locals {" >> ../layer_arns.tf
178+ echo " sdk_layer_arns = {" >> ../layer_arns.tf
179+ for file in *
180+ do
181+ read arn < $file
182+ echo " \""$file"\" = \""$arn"\"" >> ../layer_arns.tf
183+ done
184+ cd ..
185+ echo " }" >> layer_arns.tf
186+ echo "}" >> layer_arns.tf
187+ terraform fmt layer_arns.tf
188+ cat layer_arns.tf
189+ name : generate layer ARN constants for CDK
190+ working-directory : ${{ env.LAYER_NAME }}
191+ run : |
192+ echo "{" > ../layer_cdk
193+ for file in *; do
194+ read arn < "$file"
195+ echo " \"$file\": \"$arn\"," >> ../layer_cdk
196+ done
197+ echo "}" >> ../layer_cdk
198+ cat ../layer_cdk
202199name : download layer.zip
203200 uses : actions/download-artifact@v4
204201 with :
@@ -219,6 +216,7 @@ jobs:
219216 echo "" >> release_notes.md
220217 echo "See new Lambda Layer ARNs:" >> release_notes.md
221218 echo "" >> release_notes.md
219+ cat layer-note >> release_notes.md
222220 echo "" >> release_notes.md
223221 echo "Notes:" >> release_notes.md
224222name : Create GH release
@@ -233,16 +231,16 @@ jobs:
233231 --notes-file release_notes.md \
234232 --draft \
235233 "lambda-v${VERSION}-${SHA_SHORT}" \
236- layer.zip
234+ layer_arns.tf layer.zip
237235 echo Removing release_notes.md ...
238236 rm -f release_notes.md
239- # - name: Upload layer.zip and SHA-256 checksum to SDK Release Notes (tagged with latest)
240- # env:
241- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
242- # run: |
243- # LATEST_SDK_VERSION=$(gh release list --repo "aws-observability/aws-otel-python-instrumentation" --json tagName,isLatest -q 'map(select(.isLatest==true)) | .[0].tagName')
244- # # Generate SHA-256 checksum for layer.zip
245- # shasum -a 256 layer.zip > layer.zip.sha256
246- # # Upload layer.zip and its checksum to the latest SDK release note
247- # gh release upload "$LATEST_SDK_VERSION" layer.zip layer.zip.sha256 --repo "aws-observability/aws-otel-python-instrumentation" --clobber
248- # echo "✅ layer.zip successfully uploaded to $LATEST_SDK_VERSION in the upstream repo!"
237+ name : Upload layer.zip and SHA-256 checksum to SDK Release Notes (tagged with latest)
238+ env :
239+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
240+ run : |
241+ LATEST_SDK_VERSION=$(gh release list --repo "aws-observability/aws-otel-python-instrumentation" --json tagName,isLatest -q 'map(select(.isLatest==true)) | .[0].tagName')
242+ # Generate SHA-256 checksum for layer.zip
243+ shasum -a 256 layer.zip > layer.zip.sha256
244+ # Upload layer.zip and its checksum to the latest SDK release note
245+ gh release upload "$LATEST_SDK_VERSION" layer.zip layer.zip.sha256 --repo "aws-observability/aws-otel-python-instrumentation" --clobber
246+ echo "✅ layer.zip successfully uploaded to $LATEST_SDK_VERSION in the upstream repo!"
0 commit comments